#!/bin/sh

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

NG=$1
VUSER=$2
PER=$3
ACT=$4
RULEFILE=/etc/pf.d/60_pptp_fw.rules

case $PER in
	limit)
		if [ "$ACT" = "del" ]; then
			sed -i '' "/^# $VUSER pptp/d" $RULEFILE
			sed -i '' "/^pass in quick on $NG /d" $RULEFILE
			sed -i '' "/^block return in quick on $NG all/d" $RULEFILE
			exit 0
		else
			cat << EOF >> $RULEFILE
# $VUSER pptp
pass in quick on $NG inet proto {tcp,udp,icmp} from any to {10.18.16.1,10.18.16.5,10.18.16.6,!10.18.0.0/16} keep state
block return in quick on $NG all
EOF
		fi
	;;
esac

